Note:
On EX9200 switches, graceful Routing Engine switchover (GRES), nonstop active routing (NSR), and logical systems are not supported on Layer 2 VPN configurations. Layer 2 VPN is not supported on the EX9200 Virtual Chassis.
As the need to link different Layer 2 services to one another for expanded service offerings grows, Layer 2 Multiprotocol Label Switching (MPLS) VPN services are increasingly in demand.
Implementing a Layer 2 VPN on a router is similar to implementing a VPN using a Layer 2 technology such as Asynchronous Transfer Mode (ATM) or Frame Relay. However, for a Layer 2 VPN on a router, traffic is forwarded to the router in a Layer 2 format. It is carried by MPLS over the service provider’s network, and then converted back to Layer 2 format at the receiving site. You can configure different Layer 2 formats at the sending and receiving sites. The security and privacy of an MPLS Layer 2 VPN are equal to those of an ATM or Frame Relay VPN. The service provisioned with Layer 2 VPNs is also known as Virtual Private Wire Service (VPWS).
On a Layer 2 VPN, routing occurs on the customer’s routers, typically on the customer edge (CE) router. The CE router connected to a service provider on a Layer 2 VPN must select the appropriate circuit on which to send traffic. The provider edge (PE) router receiving the traffic sends it across the service provider’s network to the PE router connected to the receiving site. The PE routers do not need to store or process the customer’s routes; they only need to be configured to send data to the appropriate tunnel.
For a Layer 2 VPN, customers need to configure their own routers to carry all Layer 3 traffic. The service provider needs to know only how much traffic the Layer 2 VPN will need to carry. The service provider’s routers carry traffic between the customer’s sites using Layer 2 VPN interfaces. The VPN topology is determined by policies configured on the PE routers.
Customers need to know only which VPN interfaces connect to which of their own sites. Figure 1 illustrates a Layer 2 VPN in which each site has a VPN interface linked to each of the other customer sites.
Figure 1: Layer 2 VPN Connecting CE Routers
Implementing a Layer 2 MPLS VPN includes the following benefits:
Service providers do not have to invest in separate Layer 2 equipment to provide Layer 2 VPN service. A Layer 2 MPLS VPN allows you to provide Layer 2 VPN service over an existing IP and MPLS backbone.
You can configure the PE router to run any Layer 3 protocol in addition to the Layer 2 protocols.
Customers who prefer to maintain control over most of the administration of their own networks might want Layer 2 VPN connections with their service provider instead of a Layer 3 VPN.
Because Layer 2 VPNs use BGP as the signaling protocol, they have a simpler design and require less overhead than traditional VPNs over Layer 2 circuits. BGP signaling also enables autodiscovery of Layer 2 VPN peers. Layer 2 VPNs are similar to BGP or MPLS VPNs and VPLS in many respects; all three types of services employ BGP for signaling.